Once the NHS has dealt with the immediate problem of restoring its systems to full working order after it has dealt with the cyber attack that crippled its systems, we need to address another, pressing issue.
Cyber attacks are not going away. Reports at the weekend talked about the development of a new type of self-propagating worm that can infect systems with no human intervention. Today’s analysis is that this could have been the result of a single employee opening an infected email.
It is extraordinary that the UK’s biggest public institution is reportedly still running an outdated, unsupported operating system, the flaws in which were unpatched. And it is terrifying to think that, if reports are true, a single moment of human error can bring down something as huge as the NHS.
But it happens in big organisations. One person, working from home and outside corporate security controls, sends an email or a message to a colleague that contains content that is infected. Within hours, it’s spread all over the world.
So often, this is what security comes down to. One person, opening one email. As phishing and hacking techniques get more sophisticated, we will only see an increase in these kind of attacks. We simply won’t be able to avoid them. The speed at which information travels from person to person now means that anything can – and does – spread virally. You can’t track where it’s gone, or where it’s likely to end up.
There is an irony here, of course. In the case of a medical virus spreading, the NHS would take every precaution to shut down infected areas, control the movement of doctors and visitors, and quarantine patients.
But in the case of a computer virus, the system simply can’t cope.
The problem comes down to people sending infected content via email. The only guaranteed solution, like a prophylactic, is to stop the infection being sent in the first place.
With Pushfor, we’ve reimagined how content is shared. Nothing leaves central corporate security control. Content is projected, not sent. So in the case of an infection, it can immediately be ‘quarantined’, and access to it pulled to stop its spread. It can be analysed to show who has had access to content, and where they are in the world. Content stays within corporate control.
If human error causes these massive security breaches, we must stop relying on humans to fix the problem. It’s not working. Instead, it’s time to re-think how we approach security. And that means changing how we share content.